The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.
Other
7.99k
stars
1.65k
forks
source link
Use client certificate from store in cpprestsdk #1748
to establish a websocket connection to a endpoint requiring a client certificate which is stored in the windows certificate store thanks to cpprestsdk;
the possibility to receive a more verbose output on failure than a generic "TLS handshake failed".
I am using microsoft-signalr as an interface to cpprestsdk. I tryied to bind my client certificate as such:
void AddCertToCTX(boost::asio::ssl::context &ctx) {
// Get context from windows store (_mystore & _myhash are correct. I used the same context for other successfull http request)
PCCERT_CONTEXT clientCertificate = CertFindCertificateInStore(_mystore, X509_ASN_ENCODING,0,CERT_FIND_HASH,&_myhash,nullptr);
SSL_CTX *handle = ctx.native_handle();
X509_STORE *store = X509_STORE_new();
X509 *x509 = d2i_X509(NULL,
(const unsigned char **)&clientCertificate->pbCertEncoded,
clientCertificate->cbCertEncoded);
if(x509 != NULL) {
X509_STORE_add_cert(store, x509);
X509_free(x509);
}
SSL_CTX_set_cert_store(ctx.native_handle(), store);
}
// [...]
web::websockets::client::websocket_client_config ws_cfg = cfg.get_websocket_client_config();
ws_cfg.set_ssl_context_callback([this](boost::asio::ssl::context &ctx) { AddCertToCTX(ctx); });
cfg.set_websocket_client_config(ws_cfg);
// [...]
// Output: [error ] [websocket transport] exception when connecting to the server: set_fail_handler: 8: TLS handshake failed
I failed to neither increase the verbosity or to get rid of this error.
I give a follow up to my issue which was closed because of my late answering 😬 (sry): https://github.com/dotnet/aspnetcore/issues/46482
I wish:
I am using microsoft-signalr as an interface to cpprestsdk. I tryied to bind my client certificate as such:
I failed to neither increase the verbosity or to get rid of this error.